Skip to main content
AT&T Community Forums
Announcements
Learn how to Get the iPhone 12 Now!

Tutor

 • 

3 Messages

Mon, Sep 17, 2018 11:50 PM

Tech Support for OAuth E-Mail changes

Earlier this year my e-mail just stopped working. I would connect and it wouldn't authenticate. So I called tech support. This happened a couple of times, and my e-mail would be down for up to a week before they fixed anything.

 

The encounters with tech support were frustrating. They kept referring me to the web based email on the ATT website, or suggesting that I "get the app", or that I had a problem with my e-mail client. This was all a waste for time, since it was clear that something had changed with your servers that they didn't know about.

 

I ultimately figured out that the problem was the new OAuth changes. I went through the procedure and fixed it myself. None of the suggestions by your tech support pointed me toward this solution. They didn't know about OAuth at all.

 

Now, more recently, a good friend of mine was frantically hunting me down for help because her e-mail stopped working. She had already called your tech support and also Microsoft's tech support. neither helped. Your support still knew nothing and Microsoft tried to sell her Office365. I connected to her via Team Viewer and walked her through the OAuth changes, which basically assign a new password for the e-mail client.

 

My point: YOUR TECH SUPPORT DOESN'T KNOW ANYTHING ABOUT THE REQUIRED OAUTH CONFIGURATIONS, WHICH ARE NEEDED BY ANYONE USING A DESKTOP CLIENT TO ACCESS THEIR E-MAIL.

Responses

_xyzzy_

Expert

 • 

15K Messages

2 years ago

Just curious.  Did you you actually use OAuth[2?] password authorization (for an IMAP account) or only just the secure mail key?  If you use OAuth[2] then just for your FYI you could use a secure mail key as an instead. You should have posted in these forums first.  I've been repeatedly pointing people ad that OAuto/secure mail key article for some time now but specifically for the secure mail key. 

 

I always thought that they use of the term "OAuth" in that article was a bit confusing since (a) not all email clients may support it and (b) even if the client does they never make it clear whether OAuth meant OAuth1 or OAuth2.  They are not compatible.  It's still not clear even today.  So if you used OAuth which one does your email client support because I don't think any client supports both.  Thunderbird for instance supports OAuth2 for IMAP only (never tried it) but they don't list Thunderbird as "compatible".

Tutor

 • 

3 Messages

2 years ago

I pasted the "secure mail key" (basically a new password) into my pop3 mail client, which is Pegasus Mail. When I set this up for my friend, I pasted her key into some version of Outlook.

_xyzzy_

Expert

 • 

15K Messages

2 years ago

Ok.  That's what I was trying to find out.  You can view the secure mail key as a password with a fancy name.  I initially did too.  But since then I've learned there is actual valid reasoning behind it as a added layer of security to protect your account.

Tutor

 • 

3 Messages

2 years ago

OK, but...

 

The point of this post, is that people are calling ATT tech support with problems accessing their e-mail using whatever desktop client, and your tech support (in the Philippines) knows nothing about OAuth or the key. Thus, users must argue with the support people, typically for 45 minutes, without getting anything close to a valid answer. This is a waste of time. 

 

Somebody needs the give them a clue.

_xyzzy_

Expert

 • 

15K Messages

2 years ago

...and your tech support (in the Philippines) knows nothing about OAuth or the key

It's not my tech support!  I'm a user just like you.  Yes, I can see tech support not knowing about the key considering the answers are most likely not on their prepared scripts.

 

[rant]

The first "announcement" about secure mail keys and OAuth came out in February 2018.   Most email app users still don't know about secure mail keys either.  This is because att (at least the group that publishes those announcements) seems to assume that when they post one of those announcements everyone, that apparently that includes tech support, is just to magically know that it exists and where to read them.

 

IMO things affecting email client apps should have be made more visible.  Att is sending conflicting signals about their email support.  They go out of their way to tell users about changes to the webmail (I wonder if tech support even knows about that) but nothing as visible about changes that may affect all email client app users.   Obviously att does not place equal importance on email client apps as they do for webmail.  Some will even tell you email client apps are not supported by att at all, only the webmail.  So it's not surprising tech support knows little about email app support in general if they know anything at all in the first place.

[end rant]

 

 

Contributor

 • 

3 Messages

2 years ago

The first approach with the support AT&T is that your stuff is the problem....they have you go through all sorts of needless steps to solve a problem that isn't at your end.....2nd You are not the only person describing a problem with email problems, there would be a trend and a solution. Like knowing security features are changing and the customer needs to know that....so the question to the customer should be "Have you made the security updates to your email client ?"  and how to do that. The reason I'm upset is I know how they try and shed the blame for problems.........I worked for these clowns for 42 years..........I know the script.  It's a Communication Company with no communication between their own departments. I am actually migrating all my email to a different server because I can not get my email client thunderbird to work on the sbcglobal.ner server (Yahoo) this new upgrade in security has been going on for over 5 months and still no cut and dried solution to my problem. I look at it this way....I will not be having to look at their adds ever again...lost revenue for these folks..if they were really interested in security they would allow #%* these in a password like every other place that requires a password.......just boggles the mind. End of rant......moving on

ejp_1

Teacher

 • 

55 Messages

a year ago

Here it is Sept of 2019 and I have not converted to OAuth nor the special secure key and my email works fine, but I've just started in last 2 weeks getting the ATT emails saying I have to convert. In  my experience anytime I change my email password there's a long string of unintended consequences. I have iPhones and iPads to change too. A big pain!

 

What if I ignore this. It ain't broken so why fix it? What's the "added security" buy me in return for the added level of complexity?. Correct me if I'm wrong, but I only see the following three ways for someone to crack my ATT email login credentials and read my (very boring) email. They might find out where I'm going fishing next week.

 

1. Look over my shoulder when I login.

2. install a keylogger on my PC. I'm very careful where I click, and run a lot of anti malware apps daily.

3. Hack the ATT/Yahoo server to find them. That is a likely possibility since they hacked the Pentagon and IRS.

 

PS: can anyone please explain the ATT/Yahoo relationship? I thought they were divorced and went separate ways? Why is Yahoo still involved with ATT for people who's email domain is not .....@yahoo.com?

 

_xyzzy_

Expert

 • 

15K Messages

a year ago

@ejp_1 

...but I've just started in last 2 weeks getting the ATT emails saying I have to convert.

More than one, sent to the same email address?Man Surprised

 

In my experience anytime I change my email password there's a long string of unintended consequences.

The secure mail key is not your account password.  It won't affect your account login to the att web pages.  It's only use is for email client apps (currently).

 

I have iPhones and iPads to change too. A big pain!

Can't help that.  But hopefully it should only be necessary to do only one time.  Once done, should you ever have to change your account password, you won't have to change your email clients.

 

What if I ignore this. It ain't broken so why fix it? What's the "added security" buy me in return for the added level of complexity?

The reasoning behind the secure mail key is to add another layer of security for your account. If you use your account password in your email client(s) then theoretically if the device(s) containing the client(s) falls into the wrong hands there is the possibility a clever hacker could extract your account and its password. Then they could log into your account to do all sorts of mischief and get your personal info. But if the client(s) only have the secure key they cannot log into your account. You can then also make it impossible for them to even use the email client(s) simply by logging into your account and changing the secure mail key.

 

The concept of a secure mail key is not unique to att email.  Other systems have them too but are usually referred to as "application passwords" or something similar.  Att used the term "secure mail key" I guess since it's only used for email.  The more general term "application password" is for system that allow you to generate these kind of passwords for other kinds of apps in addition to email.  Yahoo refers to them as "3rd party app passwords".

 

PS: can anyone please explain the ATT/Yahoo relationship? I thought they were divorced and went separate ways? Why is Yahoo still involved with ATT for people who's email domain is not .....@yahoo.com?

Yahoo is att's email service provider.

 

Also because I guess it's cheaper for att yahoo writes most of the code for the att home/portal page and the webmail (look at the html code, yahoo has their fingerprints all over it).  And because of the email you have yahoo's parent company, OATH (not to be confused with OAuth) looking over your shoulder in the webmail.  And OATH's parent is Verizon, an att competitor.  Strange world.

ejp_1

Teacher

 • 

55 Messages

a year ago

Ok, thank you. Clears a few things up.  I use eMClient with IMAP for email and am familiar with the "application specific passwords" concept from Apple since my PC is fully synced with iCloud (iPhone/iPad) for calendar and contacts. Very cool and seamless, but you need to enable 2 factor auth. first in iCloud (Apple ID) to get the app specific password to work. Took me a year to figure that all out and then getting the eMC settings set right.

 

As far as the added security goes, I'm thinking this varies with an individual's MO. For me there's just tax and financial stuff which is in an encrypted folder. The rest they can have. Plus, after a burglary attempt years ago, the PC has a fat stainless cable connecting it to a very large desk. Any access would have to be on the premises and unless the system is left on (virtually never when I'm absent) it won't boot without the Win10 PIN, thus no access to encrypted files were they to remove hard drives.

 

On Yahoo, while I virtually never use it, I think Yahoo webmail is actually pretty nice. But won't sync with Apple Calendar, and syncing contacts is a pain too, thus I use a client. But, it's great for "lite" users. I just thought it odd that after the Yahoo meltdown some years ago that ATT wanted anything to do with them. What happens when the current Yahoo shuts down?

 

Thanks again for the response and your contributions to this forum!

 

_xyzzy_

Expert

 • 

15K Messages

a year ago

@ejp_1 

As far as the added security goes, I'm thinking this varies with an individual's MO. For me there's just tax and financial stuff which is in an encrypted folder. The rest they can have. Plus, after a burglary attempt years ago, the PC has a fat stainless cable connecting it to a very large desk. Any access would have to be on the premises and unless the system is left on (virtually never when I'm absent) it won't boot without the Win10 PIN, thus no access to encrypted files were they to remove hard drives.

Whether you care about what's on the device or not you still don't want them knowing your ISP (att in this case) account password.  They then could see all the stuff you see in your myAT&T billing and profile info.  With the secure key they could never get in there and you still have the option of cutting off the use of the device's email by them.

 

What happens when the current Yahoo shuts down?

Should that ever happen then I think att would just transfer the use of those domains to another email service provider.  It's probably a non-trivial process and finding an email service provider that can handle the load of millions of users efficiently (and at the right price) may be an equally daunting task.  Of course att could bring email service back in house like all the old baby bells once had.  What a concept!Man Surprised  But I don't see that happening.

SSE

Mentor

 • 

21 Messages

a year ago

Hello all, 

 

I'm having a horrible time figuring all this out. I think I'm just too old LOL Can someone help? I received the emails as it seems everyone did, saying to update my AT&T email setting. Wasn't having any issues until I read the emails. The next day I didn't get any email on my phone, except gmail. Was going to log in on my computer to read the email/troubleshooting on how to set it up on my phone. It said, a quick way to find out if my email app uses OAuth is to start setting up a new email account in the app and if it offers me a list of email providers that includes Yahoo my email app (I'm using a Galaxy S8+ BTW) is OAuth compatible. But then it says to Yahoo as my provider. So, I deleted my main bellsouth.net account and then added it back. It seems to be working now. Although I can't log into any of my other bellsouth.net email accounts either on my phone or on my computer. 

 

My question(s) after all that back story are, 

 

        If I'm just selecting "email" and then selecting "other" is it going to continue to work or will it stop working? I tried to use yahoo but all that did is make me a new yahoo.com

        account (sigh). I have several bellsouth.net accounts depending on if I want to get email from places where I want to look at something and they require an email. 

 

         Is any of this mess going to affect my gmail account access?

 

I feel like I'm rambling, I hope someone can decipher what I'm asking and help me. Thank you in advance from this tired old lady 🙂

_xyzzy_

Expert

 • 

15K Messages

a year ago

A lot of clients offer yahoo (maybe gmail, outlook) choices to quickly configure their email client settings.  But they don't offer att/yahoo email which uses different servers.  If you know how to set up a client's email settings that no problem,  The only info you ever need is the services server settings, which for att are documented here.  But if you don't know how to manually configure a client that could be a problem. 

 

Since yahoo is usually offered as a choice for a setup (you said it was) I think it's settings are close enough to att/yahoo email (ports, ssl) to use with the exception of the server names.  So if you set up for yahoo, get into your settings where the server information is specified and replace the names with those shown in that att server article I referenced.  Be careful to chose the right set, i.e., for IMAP or POP, however you specified the initial setup.

ejp_1

Teacher

 • 

55 Messages

a year ago

Is my understanding correct that with iOS 12.x.x, which is OAuth2 compliant per Apple, and using the built-in iPad Apple mail that i'm all set and do not need to take further action with my @Pacbell.net domain?

 

On that note, I just had a 2nd  occurance where someone can't send email to my @Pacbell.net domain. Is it a known issue that vintage ATT legacy domains like "pacbell" are being phased out? I've had the email since the dawn of the internet, maybe 30 yrs. For the past year or so, no email from wife's Kohls acct will reach her in spite of many calls to their "tech support". They keep sending yet nothing appears. I finally created her a gmail.com acct just for Kohls and it works fine. Now for me with a WD  NAS server at a friends house, in trying to change password it wants to send me a confirmation email. Not received over two days and many tries. Switched to my gmail acct. and works fine.

 

To enable OAuth with Windows 10 with eMClient, following ATT's directions for OAuth support, I created a new account selecting "Yahoo" from the list of option, vs doing it manually as I always had, the account was auto-created, all my IMAP email/folders are there and works fine.  I was amazed at how easy. I never selected Yahoo before because I assumed that was for the old generic plain vanilla yahoo.com that has nothing to do with ATT.

_xyzzy_

Expert

 • 

15K Messages

a year ago

@ejp_1 

Is my understanding correct that with iOS 12.x.x, which is OAuth2 compliant per Apple, and using the built-in iPad Apple mail that i'm all set and do not need to take further action with my @Pacbell.net domain?

It's the email client that needs to support OAuth2 (backed by the underlying OS of course).  Most clients give you a choice of how to authenticate (e.g., passwords, OAuth2, etc.) .  You need to explicitly specify that in your client's settings.  It's not automatic.

 

Is it a known issue that vintage ATT legacy domains like "pacbell" are being phased out? I've had the email since the dawn of the internet, maybe 30 yrs.

None of att's domains are going away.    Do you think they are going screw (probably) millions of users who using those domains?

 

I created a new account selecting "Yahoo" from the list of option, vs doing it manually

I suspect then it chose the yahoo servers instead of the att documented servers shown here

ejp_1

Teacher

 • 

55 Messages

Just below in this chain 4 mo ago you said:

"Email app not listed?

Here’s a quick way to find out if your email app uses OAuth. Start setting up a new email account in your app. Your app may offer you a list of email providers that includes Yahoo. If it does, your email app is OAuth compatible. Be sure to select Yahoo as your provider. You’re all set!"

When I do this on an iPad 7" running iOS 13.3.1 selecting Yahoo with Apple mail gives me a POP3 acct, but I want IMAP. See no way selecting Yahoo to get IMAP. So, I select the "other" option at the bottom and get IMAP and it's working again for now. The initial problem is incoming email randomly stops until I do any of several things including 1) stop/start email and reboot iPad, or 2) delete acct and recreate, 3) or just reboot. It's working ok now, but we've been fooled before. It could quit again tomorrow. This seems to have occured about the time ATT invoked the Oauth thing. But, Apple mail is Oauth compliant, right? since Yahoo is in the list. But Yahoo gives me only POP unless I do it manually then I get Yahoo.com servers.

Here's the summary:

Only work with IMAP.mail.yahoo.com......... newer iPad 7 with iOS 13.3.1 but manual set-up, otherwise I get POP3. Windows 10 w eMClient and AUTO setup gives me IMAP. Latest rev v7 eMClient.

Only work with IMAP.mail.att.net....2 ea old iPhone 4 and old iPad 4. Both devices maxed out on last OS supported. Manual setup for IMAP otherwise I get POP3.

The commonality seems to be newer gear on the latest OS available wants Yahoo server and accepts the auto set-up process. Old gear wants att.net and has to be manual set up by selecting "other".

Is this your understanding?

Now that I have this straight, still no confidence that tomorrow or a week from now mail won't stop arriving on the iPad 7 (yahoo server) until I delete and recreate the account. Or at least stop/start after a 30 min wait before the restart. A few days ago I had to this every hour or so. Would a "secure mail key" fix this? Thought you only needed tha if the mail app was not Oauth compliant.

Thanks for any comments.

ejp_1

Teacher

 • 

55 Messages

a year ago

On Oauth on iPad, it's the Apple email app being used, so pretty sure it's using Oauth.

 

On the Windows 10 eMClient Oauth issue,

 

Here's what it says  on link you provided for using an email client not listed on the same page. "be sure to select Yahoo...". I did and it worked but, yes, it did select the Yahoo IMAP  and SMTP servers. I can always manually set it to ATT, but seems to be working fine with no missing email.

 

ATT's instructions at your above link where you say "shown here":

"Email app not listed?
Here’s a quick way to find out if your email app uses OAuth. Start setting up a new email account in your app. Your app may offer you a list of email providers that includes Yahoo. If it does, your email app is OAuth compatible. Be sure to select Yahoo as your provider. You’re all set!"

 

On my pacbell.net domain, agreed seems highly improbable that ATT would mess with that but I spent hours trying to receive email from Kohls and recently our Western Digital NAS server when I wanted to change password to debug why I can't login. 8 or 10 attempts failed to deliver the "change password" confirmation email to my Inbox, even with WD tech support on the line. He said, get a new email address.  The admin for the NAS server gave it my new gmail email and it works fine. Doubly odd since I've been using the same login credentials (with pacbell.net) for 2-3 yrs with not one glitch till it suddenly quit working.

 

Thanks for the quick replies.

Get started...

Ask a new question